I am using Facebook SDK 3.5.1 in my app, my requirement is that i have logged in the app via facebook with one user (say user A) and now if i login with other user (say user B) in mobile safari/facebook app (which one is available), in this case can my app get notified that another user logged in other than one who is logged in app.
Any references or ideas?
the user logged in still A, when the facebook sdk perform a login a token is obtained and stored localy in your application data, untill this token still valid the user A still logged in, when the token expire there are 2 option, the fb library renew the token silently and user A still logged in or the library need to autenticate again the user, at this point it's possible that a login dialog is presented by the fb library or the session expire and so a logout, and after a new login process the logged in user will be B. In case of iOS6 with a facebook account is pretty much the same a part for the renew process, so could be possible to fail the renew earlier because the user is changed... at the no, the library doesn't notify you that the user is changed, the app will be just logged out when the fb session expire
Related
I'm creating a book library app, where people buy an account and become able to read all the books...
In the past, we were able to get the UDID of the iOS device and the login only works from this specific UDID.. now apple prevents this, another solutions were there like OPEN-UDID but now doesn't work...
Are there any other means to prevent the user from giving the credentials to another people??
The only solution on top of my head now is this :-
When a user login, a flag on the server becomes true, and when another account try to login using the same credentials, it will show an error message "you are already logged in on another device".. when the original user logs out, the flag becomes false.. this will prevent the account from being used on multiple devices at the same time.. but the drawback is, what if the user unInstalls the app without logging out?
Is there a research on this topic that covers all these scenarios?
Is there a way to use apple keychain or iCloud or any other solution ?
What you can do is on new login invalidate api request(and send them to login screen) of previous login you can use device token with each api to check if you want to send data to device or it's a old login token and needs redirect to login. you have to just store a device token for each account login if it matches then send data else redirect to login
Edit 1:
if you uninstall the app then you have to login again from other device to access the books(data) and in each login you'll replace the old token with new one. Now only device which has this new token can access books. All other device if there are any login left in any device then they will get message from API that token not matched and you have to redirect them to login page again
I'm getting my head around using Facebook login on iOS apps made in AIR. I have a class I bought, which takes care of Facebook auth stuff, and have got it working, but I'm concerned about the safety of it.
I also have a web app that successfully uses FB login. I store the user's FB id in my database so that when they log in, I can connect them to their user data on my site, just as I would if they used a username/pass.
Comparing my web app Facebook login process to iOS:
WEB APP:
User clicks 'log in with Facebook'.
Facebook tells my server the user is indeed logged in, and returns their Facebook ID, which I search for in my system, and if found, log them into my site - all secure as it's server-side.
iOS:
User clicks 'log in with Facebook'.
Facebook tells my app the user is logged in, and returns their Facebook ID (no longer server-side)
My app sends my server the user's Facebook ID, my server searches for it in my system, and if found, logs them in
The iOS way seems vulnerable to someone hacking your app and sending you any old Facebook ID to log into your system with, which can't really happen with the web app login process above.
Your thoughts? How should FB login be done on iOS?
Thanks for taking a look.
I have FB connect implemented in my app. After battling with the FB app installed on a user's phone, I finally had success forcing the standard FB dialog and bypassing the FB app
(see iOS: Connect to Facebook without leaving the app for authorization)
My new problem is that I cannot seem to switch FB users within the app. When I click the "Login with Facebook" button from within my app, it quickly brings up the FB dialog, dissappears, and always logs me back in with the previous user (meaning I have no way to switch FB users).
I've check both Safari and the FB app, and neither are logged in. Do I have to tell FB to log out the previous user before a new user/pass is prompted?
Thanks
Your implementation probably saves user's access token in NSUserDefaults. If it is so - you just need to delete it from NSUserDefaults any time there is a logout or you're switching users.
Also if needed you are able to deauthorize the user by making a DELETE graph API call to uid/permissions.
hope this helps
I have successfully let users to connect to my web application with twitter oauth. And I can insert user information after they logged in.
My problem with is that existing users are always redirected to the Allow/Deny application screen on twitter each time they click on sign in with twitter.
How can I skip this step for my existing users so they don't have to click on allow every time they sign in?
I am using this library: http://www.haughin.com/code/twitter/
thanks.
This is done with the Sign in with Twitter flow. Instead of sending users to https://api.twitter.com/oauth/authorize?oauth_token=xyz send them to https://api.twitter.com/oauth/authenticate?oauth_token=xyz. In this case if the user has previously authorized your app and are already authenticated with twitter.com they will automatically be redirected back to your app without being prompted to allow/deny access.
When a user authorizes your application to use their Twitter account, Twitter gives you two tokens: OAuthToken and OAuthTokenSecret.
Stores these tokens in a cookie, or a settings file, or whatever.
Then, the next time you need to make a request to Twitter on behalf of this user, you use those tokens.
I am integrating my app with FaceBook on iPhone. When the first time user log's in I would like to ask him to enter the FaceBook credentials, but after than whenever he come back to my app I don't him to show the login screen again. So I have two questions
How does this single sign on works? - it says that if the user is already logged into FaceBook through some other app, FaceBook login screen will not be shown to him, so does the FaceBook gives the same access token and expiry time as it has given to the other app or does it create a new access token and a new expiry time?
So after the expiry time, user will be presented the FaceBook login page again? I really don't want this to happen, is this is way to avoid it.
One solution that i can think of this to make a request with the permission for offline_access, in which case the token will never expire, any other solution guys?